Following a report by Kaspersky that security researchers have spotted thousands of notifications of attacks on major banks in the sub-Saharan Africa (SSA) region, some Nigerian experts have explained why the region is attractive to hackers.
Kaspersky had said that the malware used in the attacks indicated that the threat actors are most likely the infamous Silence hacking group, previously known to be responsible for the theft of millions of dollars from banks across the world.
Speaking with The Guardian, the Director-General, Delta State Innovation Hub (DSHuB), Chris Uwaje, noted that the attacks are not only on banks but also on governments in the region.
According to Uwaje, the reasons are not far-fetched, but suffice it to say that “almost all the digital technology infrastructure, especially the software and hardware systems/solutions are foreign and deployed by foreigners, who own the Internet Protocol (IP), harness and control database at almost all the operational levels of the economy. This high risk will continue to mount unless we wake up as a nation to understand that software is life, and who controls software and related ICT domain today, will eventually control our future.”
According to the President, Association of Telecommunications Companies of Nigeria (ATCON), Olusola Teniola, Nigeria is connected to the World Wide Web (WWW) and the Internet via remote connections to peering stations in either London (generally) or New York (via London), and hence the view for any hacker is straightforward.
Teniola said access to Nigeria’s major financial community is via London, and that it is easy to translate this to the IPv4 addresses utilised by the banks. “The rest is easy, as most SSA banks that have operations outside Nigeria but along the ECOWAS corridor or in other parts of SSA have a simplistic inter-operable connection via VSAT to London or their HQ based in Lagos.
Cybersecurity skills to reconfigure or dynamically change IP addresses and apply IPSec on the fly are greatly missing, and this makes the hackers’ job a trivial one,” he stressed.
To tackle this challenge, Teniola urged financial institutions to build their systems in line with best practices and avoid cheap solutions based solely on cost.
“For instance, it is very much the case that our banks are viewed as less than Tier-1 banks at the global level and therefore access and protection using global protection systems don’t cover SSA IP networks. So SSA banks are left to their own devices to sort out their IP infrastructure and connection to the WWW in a manner that is not structured but ad hoc and evolving at best.
“The banks need to engage specialist cybersecurity personnel and adopt a garden-walled approach to other local vulnerable systems including interfaces to the mobile telephony networks to reduce exposure.”
He stressed the need for a total overhaul of how the banks view and approach cyber threats, and not to be over-reliant on foreign systems and procedures overlaid on the software and hardware platforms acquired from certain countries.
According to him, a mixture of both local expertise (environment and social engineering know-how) and systems knowledge is very critical.
From Uwaje’s perspective, there is a need for dynamic legislation and domain-knowledge regulation of the software ecosystem.
“Banks should be compelled to migrate to locally developed applications within a mandatory timeline of 36 months. Encourage and fund Nigerian software houses/companies to collaborate, partner and merge to develop robust software solutions and services for the banking and finance sector.”
A System Analyst, Chinedu Okafor, noted that security is a daily activity, especially in an environment where IT is evolving every day.
According to him, if Nigerian banks are hacked, it simply means “we are one step behind. So it is just a challenge. The IT frequency experts now need to top their skills to prevent future occurrence because hackers are always everywhere. There are always counter security measures everywhere every day. Even institutions, they are targets for hackers.”
“So banks should not rest on their oars. Some banks I know also pay some companies to hack their website in order to know how good their security measures are. On a daily basis, since it is a financial institution, what they need to do is to keep improving their security measures, and maybe that is what we are proposing that if their database can be secured biometrically, security breaches will be minimal if not eradicated.”
Furthermore, the Russian firm disclosed that the Silence group is one of the most active Advanced Persistent Threat (APT) actors, which has carried out a number of successful campaigns targeting banks and financial organisations around the globe.
According to Kaspersky, the typical attack begins with a social engineering scheme: the attackers send a phishing e-mail that contains malware to a bank employee. From there the malware gets inside the bank’s security perimeter and lies low for a while, gathering information on the victim organisation by capturing screenshots and making video recordings of the day-to-day activity on the infected device, learning how things work in the targeted banks.
Once attackers are ready to take action, they activate all capabilities of the malware and cash out using, for example, ATMs. The score sometimes reaches millions of dollars.
The attacks detected began in the first week of January 2020 and indicated that the threat actors are about to begin the final stage of their operation and cash out the funds. To date, the attacks are ongoing and persist in targeting large banks in several SSA countries.